
10/23/2008 19:47 FAX 732 530 9808 PATTERSON & SHERIDAN -* PTO 

RECEIVED
CENTRAL FAX CENTER
OCT 23 2008

PATENT
Atty. Dkt No. ATT/p003-O018

IN THE CLAIMS 

This listing of claims will replace all prior versions, and listings, of claims in the
application:

1. (Currently Amended) An internet service provider (ISP)
VPN Virtual Private Network (VPN) network comprising:

a plurality of edge routers; 

a plurality of core routers adapted to allow communication between said
plurality of edge routers;

a VPN application in communication with a first one of said plurality of 
edge routers, said VPN application having a first IP address; and 

a black-hole router in communication with said plurality of core routers, 
said black-hole router adapted to inject a second IP address into said ISP VPN
network, said second IP address comprising:

the a same address as the first IP address;
a higher preference value than said first IP address; and
a community value such that when said second IP address is
injected, a selected first number of edge routers direct VPN traffic
addressed for said first IP address to said VPN application and a selected
second number of edge routers direct VPN traffic addressed for said first
IP address to said black hole black-hole router.

2. (Currently Amended) The ISP VPN network of claim 1, wherein said ISP
system VPN network is a Multiprotocol Label Switching Virtual Private Network
(MPLS VPN) ISP.

3. (Currently Amended) The ISP VPN network of claim 1, wherein said
black-hole router injects said second IP address in response to a Distributed
Denial of Service (DDoS) attack on said VPN application.

4. (Currently Amended) The ISP VPN network of claim 1, wherein said
community value can be is changed in real-time by said black-hole router.



5. (Currently Amended) The ISP VPN network of claim 1, wherein said
VPN network utilizes one or more dynamic routing protocols in combination with
a community-based route filtering to propagate the injected second IP address to
said plurality of edge routers.

6. (Currently Amended) The ISP VPN network of claim 1 wherein when said
selected second number of edge routers directs VPN traffic, addressed for said
first IP address, to said black hole black-hole router, said black hole black-hole
router is adapted to receive such VPN traffic as black-holed-traffic, said
black-hole router adapted to analyze said black-holed traffic in order to determine
a ratio of attack traffic to legitimate traffic.



7. (Currently Amended) The ISP VPN network of claim 1, further comprising
at least one route reflector, each one of said at least one route reflectors reflector
being connected to a different set of edge routers from said plurality of edge
routers, said at least one route reflectors reflector being adapted to update said
plurality of edge routers with route instructions, such route instructions including
said injected second IP address.

8. (Currently Amended) An ISP internet service provider (ISP) network
comprising:

a plurality of edge routers; 

an application in direct or indirect electrical communication with a first one
of said plurality of edge routers;

said application having a first IP address such that VPN Virtual Private
Network (VPN) traffic addressed for said first IP address and entering said ISP
network at any one of said plurality of edge routers, is routed to said application;
a black-hole router; and 

a router adapted to inject an instruction into said ISP network, such that
one or more select edge router(s) routers redirect VPN traffic, which is
addressed to said first IP address, to said black-hole router, wherein said
injected instruction comprises a routing instruction having a same IP address as
said first IP address, but with a higher preference value than said first IP address
and having a community value.



9. (Canceled) 



10. (Currently Amended) The ISP network of claim 8, wherein said ISP
network is a MPLS Multiprotocol Label Switching (MPLS) VPN ISP Network.

11. (Original) The ISP network of claim 8, wherein said router and said
black-hole router are the same device.



12. (Original) The ISP network of claim 8, wherein said injected instruction is a 
Border Gateway Protocol (BGP) routing instruction. 



13. (Currently Amended) The ISP network of claim 8, wherein said black-hole
router is adapted to receive redirected traffic from said one or more select
router(s) routers and to determine a ratio of attack VPN traffic to legitimate
traffic found in said redirected traffic.

14. (Currently Amended) The ISP network of claim 8, wherein said router
injects said instruction when said application is experiencing a DDoS Distributed
Denial of Service (DDoS) attack.

15. (Currently Amended) A method of managing a DDoS Distributed Denial of
Service (DDoS) attack on an application within an ISP internet service provider
(ISP) network, said application having a first IP address, said method
comprising:

injecting a Border Gateway Protocol (BGP) BGP routing instruction into
said ISP network when said DDoS attack is occurring, said BGP routing
instruction comprising a second IP address having a same IP address as said
first IP address, but with a higher preference value than said first IP address and
having a community value;

redirecting, at one or more selected edge routers, VPN traffic addressed
for said first IP address to a black-hole router; and

directing, at one or more other edge routers, VPN traffic addressed for
said first IP address to said application that is experiencing said DDoS attack.



16. (Currently Amended) The method of claim 15, wherein said ISP network is
a MPLS Multiprotocol Label Switching (MPLS) VPN ISP network.

17. (Original) The method of claim 15, further comprising:
receiving, at said black-hole router, said redirected VPN traffic; and

determining an amount of attack traffic therein.

18. (Currently Amended) The method of claim 15, further comprising changing,
in real-time, a number of said one or more of the selected redirecting edge
routers to a directing edge router selected edge routers that are redirectec

19. (Currently Amended) The method of claim 15, wherein said injecting
BGP routing instruction into said ISP network is done by providing said BGP
routing instruction to a route-reflector for disseminating said BGP routing
instruction to other route reflectors within said ISP network.
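
The selection mechanism recited in claims 1, 4, 5 and 15, modelled in Python as an added illustration that is not part of the filing: the same prefix is injected with a higher preference and a community value, and only edge routers whose import filter admits that community redirect to the black-hole router. The router names, the 192.0.2.10/32 prefix, the preference values 100 and 200, the community strings, and the rule that untagged routes are always admitted are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str          # destination, here the VPN application's address
    next_hop: str        # where matching traffic is forwarded
    local_pref: int      # higher value wins best-path selection
    community: str = ""  # tag matched by edge-router import filters

@dataclass
class EdgeRouter:
    name: str
    accepted_communities: frozenset  # communities this router's filter admits

    def best_path(self, routes, prefix):
        # Assumption: untagged routes are always admitted; tagged routes
        # are admitted only when the import filter matches the community.
        usable = [r for r in routes if r.prefix == prefix
                  and (not r.community or r.community in self.accepted_communities)]
        return max(usable, key=lambda r: r.local_pref, default=None)

def forwarding_plan(edges, routes, prefix):
    """Map each edge router to the next hop it selects for prefix."""
    plan = {}
    for edge in edges:
        best = edge.best_path(routes, prefix)
        plan[edge.name] = best.next_hop if best else None
    return plan

# Constructed sample topology (documentation address space, made-up tags).
APP_PREFIX = "192.0.2.10/32"
EDGES = [
    EdgeRouter("edge-east", frozenset({"65000:666"})),
    EdgeRouter("edge-west", frozenset({"65000:666", "65000:667"})),
    EdgeRouter("edge-south", frozenset()),
]
NORMAL = Route(APP_PREFIX, "vpn-application", local_pref=100)

def inject(community):
    """Routes visible once the same prefix is injected with higher preference."""
    return [NORMAL, Route(APP_PREFIX, "black-hole-router", 200, community)]

if __name__ == "__main__":
    # Changing the community changes which edge routers redirect.
    for tag in ("65000:666", "65000:667"):
        print(tag, forwarding_plan(EDGES, inject(tag), APP_PREFIX))
```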